UK SOX Guidance

What you need to know about UK SOX

New regulations on audits and corporate governance are set to roll out across the United Kingdom

A UK equivalent to the USA’s Sarbanes-Oxley Act has been in the works for some time, it looks as though launch day is edging closer and closer. If you’re a director in a UK company, SOX compliance is something you’re going to need to know about. In a bid to help our network navigate this new regulation, we’ve pulled together this guide to cut through the noise.

What is SOX compliance?

SOX was brought into action in the US to protect the public and investors from fraudulent practices by businesses. This is achieved through total transparency when it comes to financial reporting by introducing a formal process that must be followed by boards and officers of publicly traded companies. 

There are strict requirements covering enhanced financial disclosure, internal control assessment, corporate governance, and auditor independence.

Due to constant calls for audit reform in the UK, we’re set to bring in a version of SOX to our shores. While it may sound like more red tape for businesses, there are many benefits that come with a regulation like SOX, including financial protection and increase cybersecurity thanks to the reduced business-wide access to financial systems and data.

Who is affected?

Current requirements for SOX compliance in the UK only impact business trading on the Financial Times Stock Exchange. However, SOX is coming for the rest of us too so other organisations should get a head start on looking at introducing a SOX programme. Internal controls programmes can be notoriously slow to get off the ground, so it never hurts to get some formal practices in place now.

This is particularly true for any businesses that:

  • Are looking to increase automation and lower costs
  • Plan to go public soon
  • Would like continuous control monitoring
  • Are already looking at building new internal controls

If you needed any more reasons to begin looking into SOX now rather than later, here's one that should make your mind up: budget and resource allocation. In addition to building internal auditing process and integrated internal audits, public companies will need to provide annual reporting on the operational effectiveness of their internal controls over financial reporting.

The fundamentals
of SOX

Getting your SOX programme off the ground is relatively straightforward in theory. The real task comes in successful implementation and establishing proper internal controls control over financial reporting. The USA has enjoyed the benefits of their successful 2002 SOX rollout, below are some of the more important factors we've learned from them.

Finance & IT

The two main divisions to be affected by SOX are finance and IT, and as such they need to be firing on all cylinders in the first instance. You might want to review your current systems, people and processes in both teams to ensure they're going to be as collaborative and effective as possible.

Steer the ship

Develop protocols and coordinate testing through a SOX steering group. As with any regulatory change, having a dedicated steering group can prove to be an invaluable mechanism to help you drive a big change through and keep it on track.

Educate Employees

To build a truly embedded controls procedure that is adopted business-wide, you'll need to spend time ensuring everyone from c-suite to junior levels are on board. Training should be your first port of call for ensuring everyone sticks to the process.

Don't forget IT

Chances are that you rely on some form of third party environment for processes or data flows. Knowing their role in your SOX programme is vital to understanding potential risks and how to mitigate them.

Standardise it

Keep things consistent and avoid changes to your process by clearly defining your approach to identifying, documenting and evidencing key financial controls. Otherwise you may find yourself losing budget and time during the design and implementation phase.

Build your process

Start with a comprehensive risk assessment to ensure your programme is as sustainable as possible, then define your process and control owners for each stage of the plan so everyone knows which elements they're responsible for.

Invest in the right help

As with any new process, it's likely that you may need some new resource to support you through the initial implementation and improvement stages. If you find that to be the case, the Deltra team is on hand to help by putting you in touch with our extensive network of programme, change and process improvement specialists.



Email address


Phone Number


By submitting your email address and any other personal information on the website, you consent to it being collected, held, used and disclosed in accordance with our Privacy Policy.


This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.